MicroStudio HTML Injection Vulnerability in Project Comment Section

Vulnerability

A vulnerability allowing HTML injection has been identified in MicroStudio version 24.01.29. This issue arises in the comment section of the project page, where remote attackers can inject arbitrary web scripts or HTML. The vulnerability is exploited through the text parameter of the add_project_comment function.

Impact

Successful exploitation lets an attacker inject arbitrary web scripts or HTML into the project page. Such an injection could be used to perform phishing attacks or deface the web application.
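The mitigation for this class of bug is to encode comment text when it is rendered and to audit comments already stored. The following is an added example, not MicroStudio's code: the function names, the comment object shape and the sample data are all assumptions made for illustration.

```javascript
// Added example: hypothetical names and data, not taken from MicroStudio's source.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode every character that can open a tag, an attribute value or an entity.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Unsafe pattern: user-supplied comment text is concatenated into markup as-is.
function renderCommentUnsafe(comment) {
  return `<div class="comment"><b>${comment.author}</b>: ${comment.text}</div>`;
}

// Hardened pattern: every user-controlled field is encoded at output time.
function renderCommentSafe(comment) {
  return `<div class="comment"><b>${escapeHtml(comment.author)}</b>: ${escapeHtml(comment.text)}</div>`;
}

// Audit helper: list ids of stored comments that contain tag-like or
// numeric-entity tokens, so they can be reviewed after the fix is deployed.
function findSuspectComments(comments) {
  const markup = /<\s*\/?\s*[a-zA-Z!][^>]*>|&#x?[0-9a-fA-F]+;/;
  return comments.filter((c) => markup.test(c.text)).map((c) => c.id);
}

// Constructed sample comments (not real data).
const SAMPLE_COMMENTS = [
  { id: 1, author: "alice", text: "Nice project, 2 < 3 levels done" },
  { id: 2, author: "bob", text: '<a href="https://example.invalid/">click here</a>' },
  { id: 3, author: "carol", text: "I <3 this & that" },
];

console.log(renderCommentSafe(SAMPLE_COMMENTS[1]));
console.log("comments to review:", findSuspectComments(SAMPLE_COMMENTS));
```

Encoding at output keeps harmless text such as "2 < 3" intact for readers, while the audit helper only flags entries that contain a complete tag or a numeric entity.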

Added: Dec 15, 2025, 7:20 PM
Updated: Dec 15, 2025, 7:20 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.7
exploitability: 6.4
remediation: 0.0
relevance: 1.5
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.